[rtems-tools commit] rtems-bin2c.c: Check length of buffer to be copied
Joel Sherrill
joel at rtems.org
Wed Sep 29 14:58:26 UTC 2021
Module: rtems-tools
Branch: master
Commit: 05dab02722b7df3f1f231884e5f58cc7be969b75
Changeset: http://git.rtems.org/rtems-tools/commit/?id=05dab02722b7df3f1f231884e5f58cc7be969b75
Author: Ryan Long <ryan.long at oarcorp.com>
Date: Mon May 17 16:58:14 2021 -0400
rtems-bin2c.c: Check length of buffer to be copied
CID 1063892: Copy into fixed size buffer in process().
Closes #4424
---
misc/bin2c/rtems-bin2c.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/misc/bin2c/rtems-bin2c.c b/misc/bin2c/rtems-bin2c.c
index 8e32d25..462ecf0 100644
--- a/misc/bin2c/rtems-bin2c.c
+++ b/misc/bin2c/rtems-bin2c.c
@@ -141,6 +141,19 @@ void process(const char *ifname, const char *ofname, const char *forced_name)
char *ifbasename;
ifbasename = basename(ifbasename_to_free);
+ /* Ensure length of ifbasename is shorter than length of buf */
+ if (strlen(ifbasename) > PATH_MAX+1) {
+ fprintf(
+ stderr,
+ "error: Base name of %s is too long.\n",
+ ifbasename
+ );
+ fclose(ifile);
+ if ( createC ) { fclose(ocfile); }
+ if ( createH ) { fclose(ohfile); }
+ exit(1);
+ }
+
strcpy(buf, ifbasename);
sanitize_file_name(buf);
More information about the vc
mailing list